Merge branch pull request #7 into aspeed-dev-v2019.04

Change-Id: I4c4f36b8edf63beb7b3afea6e4ba71f254b895c5

image: Be a little more verbose when checking signatures

It is useful to be a little more specific about what is being checked.
Update a few messages to help with this.

Signed-off-by: Simon Glass <

image: Be a little more verbose when checking signatures

It is useful to be a little more specific about what is being checked.
Update a few messages to help with this.

Signed-off-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit 382cf62039f775a1aec771645e3cbc32e1e2f0e3)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

Merge branch '2018-12-03-master-imports'

- Baltos platform updates
- rtc m41t62 converted to DM.
- PowerPC MPC8xx DM conversion
- Verified boot updates

rsa: add a structure for the padding

The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to man

rsa: add a structure for the padding

The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures

When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate

mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures

When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromum.org>

show more ...

vboot: Do not use hashed-strings offset

The hashed-strings signature property includes two uint32_t values.
The first is unneeded as there should never be a start offset into the
strings region. The

vboot: Do not use hashed-strings offset

The hashed-strings signature property includes two uint32_t values.
The first is unneeded as there should never be a start offset into the
strings region. The second, the size, is needed because the added
signature node appends to this region.

See tools/image-host.c, where a static 0 value is used for the offset.

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Merge git://git.denx.de/u-boot-dm

fix incorrect usage of DT node unit address in comments

The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is

fix incorrect usage of DT node unit address in comments

The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

tools: image: fix message when fail to add verification data for config

This function is called when signing configuration nodes. Adjust
the error message.

I do not know why we do not need to show

tools: image: fix message when fail to add verification data for config

This function is called when signing configuration nodes. Adjust
the error message.

I do not know why we do not need to show the error message in case of
ENOSPC. Remove the if-conditional that seems unnecessary.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

tools: image: allow to sign image nodes without -K option

If -K option is missing when you sign image nodes, it fails with
an unclear error message:

tools/mkimage Can't add hashes to FIT blob: -1

tools: image: allow to sign image nodes without -K option

If -K option is missing when you sign image nodes, it fails with
an unclear error message:

tools/mkimage Can't add hashes to FIT blob: -1

It is hard to figure out the cause of the failure.

In contrast, when you sign configuration nodes, -K is optional because
fit_config_process_sig() returns successfully if keydest is unset.
Probably this is a preferred behavior when you want to update FIT with
the same key; you do not have to update the public key in this case.

So, this commit changes fit_image_process_sig() to continue signing
without keydest. If ->add_verify_data() fails, show a clearer error
message, which has been borrowed from fit_config_process_sig().

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

tools: image: fix "algo" property of public key for verified boot

The "algo_name" points to a property in a blob being edited. The
pointer becomes stale when fit_image_write_sig() inserts signature

tools: image: fix "algo" property of public key for verified boot

The "algo_name" points to a property in a blob being edited. The
pointer becomes stale when fit_image_write_sig() inserts signatures.
Then crypto->add_verify_data() writes wrong data to the public key
destination.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

tools: image: fix node name of signature node in FIT

Both "conf_name" and "sig_name" point to the name of config node.
The latter should be the name of the signature node.

Signed-off-by: Masahiro Y

tools: image: fix node name of signature node in FIT

Both "conf_name" and "sig_name" point to the name of config node.
The latter should be the name of the signature node.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, e

mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

image: Combine image_sig_algo with image_sign_info

Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer th

image: Combine image_sig_algo with image_sign_info

Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

image: Add crypto_algo struct for RSA info

Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checks

image: Add crypto_algo struct for RSA info

Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7

[NOTE: I took v1 of these patches in, and then v2 came out, this commit
is squashing the minor deltas from v1 -> v2 of updates to c236

tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7

[NOTE: I took v1 of these patches in, and then v2 came out, this commit
is squashing the minor deltas from v1 -> v2 of updates to c236ebd and
2b9ec76 into this commit - trini]

- Added an additional NULL check, as suggested by Simon Glass to
fit_image_process_sig
- Re-formatted the comment blocks

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
[For merging the chnages from v2 back onto v1]
Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

tools: Fix return code of fit_image_process_sig()

When signing images, we repeatedly call fit_add_file_data() with
successively increasing size values to include the keys in the DTB.

Unfortunately,

tools: Fix return code of fit_image_process_sig()

When signing images, we repeatedly call fit_add_file_data() with
successively increasing size values to include the keys in the DTB.

Unfortunately, if large keys are used (such as 4096 bit RSA keys), this
process fails sometimes, and mkimage needs to be called repeatedly to
integrate the keys into the DTB.

This is because fit_add_file_data actually returns the wrong error
code, and the loop terminates prematurely, instead of trying again with
a larger size value.

This patch corrects the return value and also removes a error message,
which is misleading, since we actually allow the function to fail. A
(hopefully helpful) comment is also added to explain the lack of error
message.

This is probably related to 1152a05 ("tools: Correct error handling in
fit_image_process_hash()") and the corresponding error reported here:

https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html

Signed-off-by: Mario Six <mario.six@gdsys.cc>

show more ...

tools: Correct error handling in fit_image_process_hash()

We should not be returning -1 as an error code. This can mask a situation
where we run out of space adding things to the FIT. By returning t

tools: Correct error handling in fit_image_process_hash()

We should not be returning -1 as an error code. This can mask a situation
where we run out of space adding things to the FIT. By returning the correct
error in this case (-ENOSPC) it can be handled by the higher-level code.

This may fix the error reported by Tom Van Deun here:

https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html

although I am not sure as I cannot actually repeat it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Tom Van Deun <tom.vandeun@wapice.com>
Reviewed-by: Teddy Reed <teddy.reed@gmail.com>

show more ...

Merge branch 'agust@denx.de' of git://git.denx.de/u-boot-staging

tools: fix typo in tools/image-host.c

fix a typo in error printf. If FIT_CONFS_PATH is not found
print FIT_CONFS_PATH not FIT_IMAGES_PATH.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass

tools: fix typo in tools/image-host.c

fix a typo in error printf. If FIT_CONFS_PATH is not found
print FIT_CONFS_PATH not FIT_IMAGES_PATH.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

Conflicts:
boards.cfg

Merge branch 'u-boot/master' into 'u-boot-arm/master'

Enhance fit_check_sign to check all images

At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Sig

Enhance fit_check_sign to check all images

At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)

show more ...